zone.html   [plain text]


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
  <TITLE>BIND zone Statement</TITLE>
</HEAD>

<BODY>
<H2>BIND Configuration File Guide--<CODE>zone</CODE> Statement</H2>

<HR>

<A NAME="Syntax"><H3>Syntax</H3></A>

<PRE>
zone <VAR><A HREF="docdef.html">domain_name</A></VAR> [ ( in | hs | hesiod | chaos ) ] { 
  type master;
  file <VAR><A HREF="docdef.html">path_name</A></VAR>;
  [ forward ( only | first ); ]
  [ forwarders { [ <VAR><A HREF="docdef.html">ip_addr</A></VAR> ; [ <VAR>ip_addr</VAR> ; ... ] ] }; ]
  [ check-names ( warn | fail | ignore ); ]
  [ allow-update { <VAR><A HREF="address_list.html">address_match_list</A></VAR> }; ]
  [ allow-query { <VAR><A HREF="address_list.html">address_match_list</A></VAR> }; ]
  [ allow-transfer { <VAR><A HREF="address_list.html">address_match_list</A></VAR> }; ]
  [ dialup <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
  [ notify (<VAR><A HREF="docdef.html">yes_or_no</A></VAR> | explicit ); ]
  [ also-notify { <VAR><A HREF="docdef.html">ip_addr</A></VAR>; [ <VAR>ip_addr</VAR>; ... ] }; ]
  [ ixfr-base  <VAR><A HREF="docdef.html">path_name</A></VAR>; ]
  [ pubkey <VAR><A HREF="docdef.html">number</A></VAR> <VAR><A HREF="docdef.html">number</A></VAR> <VAR><A HREF="docdef.html">number</A></VAR> <VAR>string</VAR>; ]
}; 

zone <VAR><A HREF="docdef.html">domain_name</A></VAR> [ ( in | hs | hesiod | chaos ) ] { 
  type ( slave | stub );
  [ file <VAR><A HREF="docdef.html">path_name</A></VAR>; ]
  [ ixfr-base  <VAR><A HREF="docdef.html">path_name</A></VAR>; ]
  masters [ port <VAR><A HREF="docdef.html">ip_port</A></VAR> ] { <VAR><A HREF="docdef.html">ip_addr</A></VAR> [key <VAR><A HREF="key.html">key_id</A></VAR>]; [ ... ] };
  [ forward ( only | first ); ]
  [ forwarders { [ <VAR><A HREF="docdef.html">ip_addr</A></VAR> ; [ <VAR>ip_addr</VAR> ; ... ] ] }; ]
  [ check-names ( warn | fail | ignore ); ]
  [ allow-update { <VAR><A HREF="address_list.html">address_match_list</A></VAR> }; ]
  [ allow-query { <VAR><A HREF="address_list.html">address_match_list</A></VAR> }; ]
  [ allow-transfer { <VAR><A HREF="address_list.html">address_match_list</A></VAR> }; ]
  [ transfer-source <VAR><A HREF="docdef.html">ip_addr</A></VAR>; ]
  [ dialup <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
  [ max-transfer-time-in <VAR>number</VAR>; ]
  [ notify <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
  [ also-notify { <VAR><A HREF="docdef.html">ip_addr</A></VAR>; [ <VAR>ip_addr</VAR>; ... ] }; ]
  [ pubkey <VAR><A HREF="docdef.html">number</A></VAR> <VAR><A HREF="docdef.html">number</A></VAR> <VAR><A HREF="docdef.html">number</A></VAR> <VAR>string</VAR>; ]
};

zone <VAR><A HREF="docdef.html">domain_name</A></VAR> [ ( in | hs | hesiod | chaos ) ] { 
  type forward;
  [ forward ( only | first ); ]
  [ forwarders { [ <VAR><A HREF="docdef.html">ip_addr</A></VAR> ; [ <VAR>ip_addr</VAR> ; ... ] ] }; ]
  [ check-names ( warn | fail | ignore ); ]
};

zone "." [ ( in | hs | hesiod | chaos ) ] { 
  type hint;
  file <VAR><A HREF="docdef.html">path_name</A></VAR>;
  [ check-names ( warn | fail | ignore ); ]
};
</PRE>

<HR>

<A NAME="Usage"><H3>Definition and Usage</H3></A>

<H4>Zone Types</H4>

<DL>
<DT><CODE>master</CODE>
<DD>
The server has a master copy of the data for the zone and will be able
to provide authoritative answers for it.


<DT><CODE>slave</CODE>
<DD>
A <CODE>slave</CODE> zone is a replica of a master zone.  The
<CODE>masters</CODE> list specifies one or more IP addresses that the
slave contacts to update its copy of the zone.  If a <CODE>port</CODE>
is specified then checks to see if the zone is current and zone transfers
will be done to the port given.  If <CODE>file</CODE>
is specified, the replica will be written to this file whenever
the zone is changed, and reloaded from this file on a server restart.
Use of
<CODE>file</CODE> is recommended, since it often speeds server startup
and eliminates a needless waste of bandwidth.  Note that for large numbers
(in the tens or hundreds of thousands) of zones per server, it is best to
use a two level naming scheme for zone file names.  For example, a slave
server for the zone <CODE>vix.com</CODE> might place the zone contents into
a file called <CODE>"vi/vix.com"</CODE> where <CODE>vi/</CODE> is just the
first two letters of the zone name.  (Most operating systems behave very
slowly if you put 100K files into a single directory.)

<DT><CODE>stub</CODE>
<DD>
A <CODE>stub</CODE> zone is like a slave zone, except that it replicates
only the NS records of a master zone instead of the entire zone.

<DT><CODE>forward</CODE>
<DD>
A <CODE>forward</CODE> zone is used to <A HREF="options.html#Forwarding">
direct all queries</A> in it to other servers.  The specification of
options in such a zone will override any global options
declared in the <A HREF="options.html#Forwarding">options</A> statement.

<P>If either no <CODE>forwarders</CODE> statement is present in the
zone or an empty list for <CODE>forwarders</CODE> is given, no
forwarding will be done for the zone, cancelling the effects of any
<CODE>forwarders</CODE> in the <CODE>options</CODE> statement.
Thus if you want to use this
type of zone to change the behavior of the global <CODE>forward</CODE>
option, and not the servers used, you also need to respecify the
global forwarders.

<DT><CODE>hint</CODE>
<DD>
The initial set of root nameservers is specified using a
<CODE>hint</CODE> zone.  When the server starts up, it uses the root hints
to find a root nameserver and get the most recent list of root nameservers.
</DL>

<P>Note: previous releases of BIND used the term <EM>primary</EM> for a
master zone, <EM>secondary</EM> for a slave zone, and <EM>cache</EM> for
a hint zone.</P>

<H4>Class</H4>

<P>The zone's name may optionally be followed by a class.  If a class
is not specified, class <CODE>in</CODE> (for "internet"), is assumed.
This is correct for the vast majority of cases.

<P>The <CODE>hesiod</CODE> class is for an information service from MIT's
Project Athena.  It is used to share information about various systems
databases, such as users, groups, printers and so on.  More
information can be found at 
<A HREF="ftp://athena-dist.mit.edu/pub/ATHENA/usenix/athena_changes.PS">MIT</A>.
The keyword <CODE>hs</CODE> is a synonym for <CODE>hesiod</CODE>.</P>

<P>Another MIT development was CHAOSnet, a LAN protocol created in the
mid-1970s.  It is still sometimes seen on LISP stations and other
hardware in the AI community, and zone data for it can be specified
with the
<CODE>chaos</CODE> class.</P>

<H4>Options</H4>

<DL>
<DT><CODE>check-names</CODE>
<DD>
See <A HREF="options.html#NameChecking">Name Checking</A>.

<DT><CODE>allow-query</CODE>
<DD>
See the description of <CODE>allow-query</CODE> in the
<A HREF="options.html#AccessControl">Access Control</A> section.  Note that
this should in general be <I>more restrictive</I> than the similar global
option of the same name; otherwise, confusing and nonworthwhile delegations
will be returned.

<DT><CODE>allow-update</CODE>
<DD>
Specifies which hosts are allowed to submit Dynamic DNS updates to the
server.  The default is to deny updates from all hosts.

<DT><CODE>allow-transfer</CODE>
<DD>
See the description of <CODE>allow-transfer</CODE> in
the <A HREF="options.html#AccessControl">Access Control</A> section.

<DT><CODE>transfer-source</CODE>
<DD>
<CODE>transfer-source</CODE> determines which local address will be bound to
the TCP connection used to fetch this zone.  If not set, it defaults to a
system controlled value which will usually be the address of the interface
``closest to'' the remote end.  This address must appear in the remote end's
<CODE>allow-transfer</CODE> option for this zone if one is specified.

<DT><CODE>ixfr-base</CODE>
<DD>
<CODE>ixfr-base</CODE> 
specifies the file name used for IXFR transaction log file.

<DT><CODE>max-transfer-time-in</CODE>
<DD>
See the description of <CODE>max-transfer-time-in</CODE> in
the <A HREF="options.html#ZoneTransfers">Zone Transfers</A> section.

<DT><CODE>dialup</CODE>
<DD>
See the description of <CODE>dialup</CODE> in
the <A HREF="options.html#BooleanOptions">Boolean Options</A> section.

<DT><CODE>notify</CODE>
<DD>
See the description of <CODE>notify</CODE> in
the <A HREF="options.html#BooleanOptions">Boolean Options</A> section.

<DT><CODE>also-notify</CODE>
<DD>
<CODE>also-notify</CODE> is only meaningful if <CODE>notify</CODE> is
active for this zone.  The set of machines that will receive a DNS
NOTIFY message for this zone is made up of all the listed nameservers
for the zone (other than the primary master) plus any IP addresses
specified with <CODE>also-notify</CODE>.  <CODE>also-notify</CODE> is not
meaningful for <CODE>stub</CODE> zones.  The default is the empty list.

<DT><CODE>forward</CODE>
<DD>
<CODE>forward</CODE> is only meaningful if the zone has a
<CODE>forwarders</CODE> list.  The <CODE>only</CODE> value causes the
lookup to fail after trying the <CODE>forwarders</CODE> and getting no
answer, while <CODE>first</CODE> would allow a normal lookup to be tried.

<DT><CODE>forwarders</CODE>
<DD>
The <CODE>forwarders</CODE> option in a zone is used to override the
list of global forwarders.  If it is not specified in a zone of type
<CODE>forward</CODE>, <STRONG>no</STRONG> forwarding is done for the
zone; the global options are not used.

<DT><CODE>pubkey</CODE>
<DD>
A pubkey represents a public key for this zone.  It is needed when this is the
top level authoritative zone served by this server and there is no chain of
trust to a <A HREF="trusted-keys.html">trusted key</A>.  It is considered
secure, so that data that it signs will be considered secure.  The DNSSEC
flags, protocol, and algorithm are specified, as well as a base-64 encoded
string representing the key.

</DL>
<HR>

<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
| <A HREF="http://www.isc.org/products/BIND/">BIND Home</A>
| <A HREF="http://www.isc.org/">ISC</A> ]</P></CENTER>

<HR>
<ADDRESS>
Last Updated: $Id: zone.html,v 1.1.1.4 2002/11/18 22:26:21 bbraun Exp $
</ADDRESS>
</BODY>
</HTML>